On Wednesday 15 October 2003 1:12 pm, Daniel Barron wrote:
> For various reasons I need to run squid transparently proxying but not on
> the firewall.
>
> eg:
>
> firewall(normal gateway) - 192.168.0.1
> squid box - 192.168.0.2
> 2k clients - 192.168.0.x (gateway set to .2)
>
> To do this I have set the squid box as default route on the clients and
> configured squid 2.5 to work transparently.  The squid box's default route
> is the firewall.  Yes I know this is a bit odd but does have advantages
> such as when the firewall is an appliance that can't have squid installed.

I would recommend that you set the clients' gateway to be the Squid box,
which has two network cards in it, and has a separate network segment joining
it to the Firewall (which is the Squid box's gateway), routing to the outside
world.

Then each machine is quite sure about which network it's on and how to reach
a machine somewhere else. Clients can't bypass Squid because there's no
other route to the outside world.

Regards,

Antony,
-- Programming is a Dark Art, and it will always be. The programmer is fighting against the two most destructive forces in the universe: entropy and human stupidity. They're not things you can always overcome with a "methodology" or on a schedule. - Damian Conway, Perl God

Received on Wed Oct 15 2003 - 07:29:49 MDT
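The two-NIC layout recommended in the reply above, written out as the commands one would review for the Squid box. This is an added example, not part of the original message; the interface names, the 192.168.1.0/24 transit segment, the firewall's address on it and Squid listening on port 3128 are all assumptions.

```shell
#!/bin/sh
# Added example: dual-homed Squid gateway. Everything below except the
# 192.168.0.x client network is an assumption made for illustration.
LAN_IF=eth0                 # client-facing NIC (192.168.0.2 in the thread)
WAN_IF=eth1                 # assumed second NIC on the new transit segment
TRANSIT_IP=192.168.1.2/24   # assumed address of the Squid box on that segment
FIREWALL_IP=192.168.1.1     # assumed firewall address on the transit segment
SQUID_PORT=3128             # assumed Squid http_port

# Print the commands instead of running them, so the rule set can be
# reviewed first; pipe the output to "sh" as root to apply it.
squid_gateway_rules() {
    cat <<EOF
ip addr add $TRANSIT_IP dev $WAN_IF
ip route replace default via $FIREWALL_IP dev $WAN_IF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
EOF
}

# Line by line:
#  1-2  put the box on the transit segment and point its default route at
#       the firewall, the only path to the outside world.
#  3    forward non-HTTP traffic from the clients towards the firewall.
#  4    intercept every port-80 connection arriving from the client side
#       and hand it to the local Squid; it is never forwarded as-is.
#  5    hide the client subnet behind the Squid box so the firewall needs
#       no return route. If the firewall can hold a static route to
#       192.168.0.0/24 via the Squid box, drop this rule and add the route.
squid_gateway_rules
```

With the firewall reachable only through the second interface, a client that changes its own gateway setting has nothing else on its segment to route through.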